Note: The following content is excerpted from my recently published Fiddler book.
While it’s currently a Windows-only tool, you can still use Fiddler to debug traffic from Apple’s iOS-based devices if you have a Windows-based PC to run Fiddler on, and a Wi-Fi connection shared between that PC and your iOS device. The steps aren’t hard, and this configuration gives you a powerful way to debug iPad, iPod, and iPhone traffic.
To configure Fiddler, click Tools > Fiddler Options > Connections and check the box labeled Allow remote computers to connect. You will need to restart Fiddler for the change to take effect, and you may need to reconfigure your firewall to allow incoming connections to the Fiddler process.
You should verify the client computer can successfully reach Fiddler without problems caused by the firewall or router by opening the browser and visiting http://FiddlerMachineIP:8888. If you see the “Fiddler Echo Service” webpage, then you know that the client and Fiddler are able to communicate.
Hint: You can easily find the Fiddler PC’s IP address by hovering over the Online indicator in the Fiddler toolbar:
Note: If you’re using the iPhone, you must disable the 3g/4g connection to force all requests to go over Wi-Fi.
Set the Device’s Proxy
To capture web traffic from an Apple device, you must first configure its proxy settings to point to your Desktop PC running Fiddler.
To access the proxy settings, click the Settings icon on the home screen. In the Settings list, pick General and then choose Network from the list. Click Wi-Fi and push the small blue arrow at the right of the Wi-Fi network’s name to configure its settings. Click the Manual option in the HTTP Proxy section. In the Server box, enter the IP address or hostname of your Fiddler instance. In the Port box, provide the port Fiddler is listening on. You should leave the Authentication slider set to Off.
Decrypting HTTPS Traffic from iOS
To enable Fiddler to generate certificates compatible with iOS devices, download the Certificate Maker plugin for Fiddler from http://fiddler2.com/r/?FiddlerCertMaker.
This plugin replaces the default certificate generation code in Fiddler with a version based on the open-source Bouncy Castle cryptography library. It generates iOS-compatible certificates by default, and respects several Preferences to enable compatibility with a wide-variety of platforms.
After restarting Fiddler with the new certificate maker installed, first configure the device to trust Fiddler’s root certificate. After configuring your device to use Fiddler as its proxy, open http://ipv4.fiddler:8888/ from your device.
From the bottom of the Fiddler Echo Service webpage, download the FiddlerRoot certificate:
Open the FiddlerRoot.cer file and you will see the Install Profile screen:
Tap the Install button. You’ll then see a warning, which you may acknowledge by pressing the Install button:
After Fiddler’s root certificate is installed, your device’s browser and applications should no longer complain about certificate errors when Fiddler is decrypting their traffic.
If you later decide to uninstall the root certificate from the device, open the Settings app, click General, and scroll down to Profiles at the bottom. Select the DO_NOT_TRUST_FiddlerRoot profile, and tap Remove.
Of course, Fiddler can also debug traffic from Windows Phone and Android devices, as well as Linux and Mac systems.